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Description 

METHOD AND SYSTEM FOR CONTROLLING THE 

DISCLOSURE TIME OF INFORMATION 
Technical Field 

[001] This invention relates to the field of supply of infonnation. In particular, this 
invention relates to controlling the disclosure time of infonnation. 
Background Art 

Over recent years, there has been a huge mciease in the volume of information 
published and distributed electronically. 
[003] The advent of the Internet and communication via &.maU means feat infonnation 
can be obtained and downloaded directly to an electronic device such as a computer or 
a mobile phone via communication means such as telephone networks. A high volume 
of infonnation can be distributed quickly as long as there is available bandwidth 
capacity in the communication means. 

Infonnation can also be stored electronically on a storage medium such as a 
diskette or a CD-ROM and the storage medium can be distributed. A high volume of 
information can be transferred on a relatively small storage device. 

In this way electronic devices operate to receive infonnation botii in a connected 
and a disconnected environment. The received infonnation can tiien be stored on the 
electronic device itself for as long as tiie user requires the infonnation. The tenn in- 
f omiation is used to encompass all types of data mcluding as examples tiie foUowing: 
documents; visual data such as still or moving rniages; audio data such as music, voice, 
etc. 

[006] Problems are faced when distributing infonnation using electronic means wherein 
the infonnation is only made available at a specific time. AU tiie people wanting tiie in- 
fonnation will instantly try to download tiie data from tiie same source all at tiie same 
time. This can lead to overstretchmg of resources and subsequent delays. Also, offline 
users cannot access tiie infonnation as quickly as connected users as tiiey must wait for 
tiie infonnation to be received on a storage device which must be phy sicalty 
transferred. 

[007] A distinction can be made between tiie distribution of infonnation and tiie abitity to 
access tiie infonnation. For example, information may be sent electronically to a 
recipient as encrypted data. The infonnation in tiie encrypted data can only be accessed 
by tiie recipient witii a key such as a password to unlock tiie encrypted data. The time 
of access to tiie mfonnation can be governed by tiie issue of tiie key to tiie recipient 

[008] Controlling tiie time of tiie disclosure of infonnation is important for time sensitive 
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material. For example, txmspwy accounts, results, reports and announcements may 

need to be disclosed after a certain time. Such documents may te large ami distribute 
by dectronic means m^ be economical and practical conqnred to more traditional 
means of distribution such as printed documents. 
[009] Qnema fihn distribution is another area in which the timed disclosure of in- 

fonnation would be beneficial. Cunently a film for release is distributed on the release 
date via sateflite communication. It would be beneficial to be able to send the 
encrypted fihn via a public IP networic at any time prior to the rdease date so that 
advant^ could be taken of downtime in the network communications avoiding 
congestion and delays. 

Anoflier bnsmess problem associated with tiie time of dteclosure of information 
arises if a party wishes to provide proof to others that they knew of sometiiing before 
the event, but could not disclose it immediately without business loss. Information 
could be sent in an enciypted fonn and disclosed at a later date. Proof is then provided 
ttiat the sender had the information at a time before the disclosure time. 
Disclosure of Invention 
[01 1] The aim of the present invention is to provide a method and system for controlling 
tiie disclosure time of information. Lifonnation can be distributed and stored by a 
recipiait prior to disclosure to tiie recipient Ihe invention makes use of pubUc key 
cryptography. 

[012] The followmg is a brief summary of public key cryptography. Public key 

cryptography uses a pair of asymmetric related keys, one for encryption and flie oti>er 
for decryption. 

[013] Li normal use, one of tiie key pair (tiie private key) is kept secret by tiie user, while 
tiie otiier key (the public key) can be publicly disclosed. The key pair must have tiie 
property tiiat. given knowledge of flie public kqr, it is infeasible to determine ttie 
private key. 

[014] A user receives or. witfi suitable hardware or software, can generate for itself a pair 
of keys which are generaDy two large numbers. Li normal use, ttie user keeps one of 
ttiese keys private and never discloses it. The other key can safely be made public, just 
like a phone number or similar personal data. Public keys do not have to be published 
to tiie world. They can be shared as widely or narrowly as business and privacy re- 
quirements dictate. 

[015] Due to tiie way tiie keys are generated, mformation encrypted wifli Uie private key 
can only be decrypted witfi tiie public key and vice versa. Using a key pair means tiiat 
tiie sendw and receiver do not need to share a secret key. 

[016] The term "user" is defined as any entity induding individuab. groups of in- 
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dividaals, one or more individuals in a role, corporations, organisations, computer ap. 
plications or systems, automated machines, etc. 
[017] Conventianal use of public key ciyptography makes the fbnowing posable: 

Anyone knowing a user's pubUc key can send the user a message encrypted 

with that key and can be sure that only the user -who alone has the cor- 
responding private key - can decrypt it This provides conjBdentiaUty. 
A user might also encrypt amessage with his private key. Hiis cannot provide 
confidentiaUty, because anyone who knows the corresponding public key can 
decrypt it The fact tiiat fliey can decrypt it means the message must have 
come from the user - who alone has the private key. This jttovides au- 
feentication and can also be used as a basis for non-repudiation - the digital 
equivalent of a signature. 

If a sender signs a message with his own private key and then encrypts it with 
the recipient's public key. confidentiality, authentication and non-repudiation 
are provided together. 

[01 8] In a public key infrastructure, the user typically needs a certificate for his public 
key. This certificate teUs those the user deals with that tiie public key really does 
identiiy tiie user. The public key certificate is issued by a reputable, trusted agency, 
such as a bank. 

[019] A problem arises if die user is dealing with a business associate who does not know 
the bank issuing the certificate certifymg the pubUc key of tiie user. The bank itself can 
have a public key certificate, issued by a suitable umbrella organisation. Hiat umbrella 
organisation too can have a pubHc key certificate. This can result in a chain of cer- 
tificates leading to a point (referred to as tiie root) which tiie business associate does 
know. The hierarchical chams of certificates ultimately end with a master organisation 
at the top of tiie hierarchical tree which has a self-signed certificate. This means that 
tiie public key of tiie self-signed certificate must be obtained by means outside tiie 
public key infrastructure system. 

The means by which users can obtain tiie pubUc key certificates tti€sy need, and be 
sure tfiat tiiose certificates are vaUd, is known as a pubUc key infrastructure (PKI). 
[021] The present invention uses tiie principles and tools of public key cryptogi^hy to 

control the disclosure time of information. 
[022] According to a fiist aspect of tiie present invention tiiere is provided a metiiod for 
controlling tiie disclosure time of information by a pubKsher to one or more recipients 
comprising: a trusted body generating an asymmetrical key pair for a specified date 
and time of disclosure witii an encryption key and a decryption key; tiie trusted body 
providing a digital certificate signed witii a private key of tiie trasted body providing 
tile publisher wifli tiie encryption key prior to tiie specified date and time; tiie publisher 
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using the enoypticm key to enciypt data; the recipient obtauung the enciypted data; 
and the trusted body making the deoyption key available to the recipient at tiie 
specified date and tune. 

[023] The publisher may verify the signature on the digital certificate with the pubUc key 
of the trusted body. 

[024] Preferably, the encryption key is a public key and the decryption key is a private 
key in a public k^ infrastructure. 

[025] The trusted.body may create an asymmetrical key pair for a specified date and time 
on demand from a publisher. 

[026] In one embodiment, the trusted body may generate one toy pair for a specified date 
and dmcw 

r027] In an alternative embodiment, the trusted body may generate one or more key pairs 
for a specified date and time, generating a new pair for each of a plurality of 
publishers. Each of the one or more publishers may have a password issued by the 
trusted body for preventing disclosure of the decryption key. 

[028] The decryption key may be enciypted wiA a public key and only recipients with 
the corresponding private key may obtain the decryption key. 

[029] According to a second aspect of the present invention diere is provided a system 
for controlling the disclosure tune of information comprising: a pubHsher. a trusted 
bodjr; an asymmetrical key pair for a specified date and time of disclosure with an 
encryption key and a decryption key; a digital certificate signed with a private k^ of 
the tnisted body providing the publisher with the encryption key prior to the specified 
date and time; and means for making the decryption key available at the specified date 
and time. 

[030] Ptefetably, the system includes one or more recipients with means for obtaining 
data enciypted with the encryption key from the publishw prior to the specified date 
and time and means for obtaining the decryption key at or after the specified date and 
time. 

[031] The certificate may include the specified date and time, the encryption key value, 
and the name of the tnisted body. 

[032] Preferably, the encryption key is a public key and the decryption key is a private 
key in a public key infrastructure. 

[033] In one onbodiment, 1ha« may be a angle key pair for a specified date and time. Li 
an alternative embodiment, there may be a pluraK^ of publishers and one or more key 
pairs for a specified date and time, a diffnent key pair for each of the plurality of 
publishers for the specified date and time. Each of flie plurality of pubUshats may have 
a password issued by die trusted body for preventing disclosure of the decryption key. 

[034] Tlje decryption key may be encrypted with a pubUc key and only recipients wifli 
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file oonespoziding private key may obtain flie decryption key. 
[035] The tmsted body may have one or more agents who act on behalf of the trusted 
body. An agoit for the trusted body may be a smart card having an intranal clock for 
providing the deciyption key to a recipient 

[0361 The trusted body may be accessible by the publisher and the recipients via a com- 
munication network. 

[037] Accordmg to a third aspect of the present invention there is provided a computer 
program prodoct stored on a computer readable storage medium, comprising computCT 
readable program code means for performing flie steps of: generating an asymmetrical 
key pair for a specified date and time of disclosure with an encryption key and a 
deayption key; providing a digital certificate signed with a private key of the trusted 
body providing a publisher with the encryption key prior to the specified date and time. 
[038] According to a fourth aspect of the present invention there is provided a method for 
controllmg die disclosure time of information by a publisher to one or more recipients 

iprising: a trusted body generating an asymmetrical key pair for a specified date 
and time of disclosure with an encryption key and a deciyption key; the trusted body 
providing the publisher with the encryption key prior to the specified dale and time; the 
publisher using the encryption key to encrypt data; the recipient obtaining the 
encrypted data; and the trusted body making the decryption key available to the 
recipient at the specified date and time; wherein the trusted body generates one or more 
key pairs for a specified date and time, generating a new key pair for each of a plurali^ 
of publishers. 

[039] Each of a pluraUty of pubUshers may have a password issued by the trusted body 
for preventing disclosure of the decryption key for a specified date and time for that 
publisher. 

[040] The deciyption key may be encrypted with a public key and only recipients with 

the corresponding private key may obtain tt& deciyption key. 

Brief Description of the Drawings 
[041] Embodiments of the present invration will now be described, by way of examples 

only, with reference to flie accompanying drawings in which: 
[042] Figure 1 is a diagram of a system in accordance witii the present invention; 
[043] Figure 2 is a diagram of a certificate for use in accordance with the present 

invention; 

[044] Figure 3 A is a diagram of a system in accordance with the present invention at tune 
T<T1; 

[045] Figure 3B is a diagram of the system of Figure 3A at time T^Tl; 

[046] Figure 4 is a flow diagram of a method in accordance with the present invention; 
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and 
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Figure 5 is a di agram of a qrstem in accordance with an embodiment of the present 
invention. 

Mode for the Invention 
[048] Referring to Figure 1 , there is provided a pubUsher 10 who wishes to distribute 

some information 11 to a pluraHty of recipients 12, 13, 14. The pubHsher 10 obtains an 

encryption key and distributes the information 11 in the form of encrypted data 15 to 

each of the recipients 12, 13,14. 
[049] A first recipient 12 obtains the encrypted data 15 by accessing a web site 16 of the 

publisher 10 on the Intemet and downloading the encrypted data 15 to flie recipient's 

12 own computer. 

[050] A second recipient 13 receives a message 17 by e-maU fitom the publisher 10 

attaching a file of the enciypted data 15. 
[051] The first and second recipients 12, 13 are connected to the publisher 10 by a com- 
munication network 19 and are therefore part of an online community. 

A third recipient 14 is disconnected in that he does not have e-mafl or Internet 
access. The third recipient 14 is sent a CD-ROM 18 by the publisher 10 and the CD- 
ROM contains the encrypted data 15. 
[053] The above recipients 12, 13, 14 are token examples of the pluraHty of recipients 
and the encrypted data 15 can be distributed in its electronic form by any available 
means and via third parties. The recipients 12, 13, 14 receive and store the encrypted 
data 15 on any suitable electronic device, which may include a computer, a mobile 
phone, etc. 

[054] The enciypted data 15 cannot be accessed or read by the recipients 12, 13, 14 and 
therefore has not been disclosed to the recipients. At a time controlled by the publisher, 
a decryption key is made available to the recipients 12, 1 3, 14. The key enables the 
recipients 12, 13, 14 to access the information 11. 

[055] A trusted service is provided that manages and provides a public key infi^tructure 
service. The trusted service publishes digital catificates for specific dates and times in 
die future. The digital certificates are certified by the trusted service by a signature 
using the trusted services private key. 

[056] The trusted service is publicly accessible, for example via a web site on the Internet 
or by e-mail access. The trusted service is itself certified by an umbrella organisation 
which ratifies the trusted service by providing a certificate of the trusted service's 
public key. The certificate is signed with the private key of the umbrella organisation. 
A chain of certificates may be provided with a root of the chain which is bootsliapped 
or confirmed by a means outside the public key infrastructure. 
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[057] Refemng to Hguie % a distal calificate 20 is shown. The digital certificate 20 

contains certificate infonnation 21 . The certificate information 21 mcludes the subject 
22 of the certificate 20 which is the date and time, a pabUc key value 23 for ttie date 
and time and the name 24 of the tmsted service issuing tiie certificate. A digital 
signature 25 is generated using tiie certificate mformation 21 by encrypting the 
ceartificate information 21 witii tiie private key 26 of the trusted service. The digital 
signature 25 is inserted in the digital certificate 20. 

[05 8] A publisher wishing to disclosure mfonnation at a given fature date and time 

approaches tfie trusted service and requests a public key 23 for the given date and time. 
For example, a publisher may ask the trusted service for a pubUc key for 22 April 2003 
at 10.00hr. The trusted service will issue a randomly generated certified digital 
c^'ficate 20 which contains the public key 23. 

[059] Providing the public key 23 which is to be used for encryption in the form of a 
CCTtificate from tiie trusted service enables the users to trust that the coiresponding 
private key is to be released at tiie given time. Also, the security provided by a 
certificate prevents an impostor from posing as a tmsted service and issuing a public 
key and thrai publishing flie private key before time or not at all. 

[060] The publisher 10 may now take tiie information 1 1 which he wishes to distribute 
and encrypt it using tiie pubUc k^ 23 which has been provided by tiie tmsted service 
for tiie date and time of 22 April 2004, lO.OOhr. The encrypted data 15 can tiien be 
distributed as discussed in relation to Figure 1. Recipients 13, 14, 15 who wish to 
receive the information 1 1 can tiien obtain the encrypted data 15 any time before 22 
April 2004, lO.OOhr; however, tiie recipients 13. 14, 15 cannot decrypt tiie encrypted 
data 1 5 as tiiey do not have the private key corresponding to tfie public k^ 23. 

[061] At tiie given date and time, in tiiis example 22 April 2004, lO.OOhr, tiie tmsted 

service makes tiie private key available. For example, tiie trusted service may publish 
tiie private key on a web site or may provide it by e-maU m response to a request. Tlie 
recipients can obtain tiie private key from tiie trusted service and tiiey can tiien decrypt 
the encrypted data 15 and access the information 11. 

[062] The tmsted savice can make tiie private key available m a digital certificate signed 
by tiie trasted service. Before tiie time of disclosure, tiie trusted service issues digital 
certificates 20 as shown m Figure 2 contaming tiie pnbUc key value 23. After flie time 
of disclosure tiie trusted service can issue tiie digital certificate witii both tiie public 
key value 23 and the corresponding private key value. 

[063] The tmsted service may opiate via tiie hitemet and proxies and system caches can 
be used to reduce tiie burden on tiie main site as recipients demand tiie private key. The 
private key is relatively small in size and tiierefore quick to distribute at tiie given time. 
In tiiis way, tiie recipients are all able to access tiie information 1 1 very soon after ttie 
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[066] 



given date and time ensuring that an redpiOT^ ^. 
fbnnation 11 promptly after tiie given time. 

Figures 3A and 3B show the transfers of tiie pubOc and private keys between the 
parties. Figure 3A is at a time, T, any time before a specific time Tl, i.e.T<^ri. Figure 
3B is at a time, T, any time at or after the specLBc time Tl, i.e. T^Tl. 

In Figures 3 A and 3B ihete is shown a publisher 1 0 and four recipients 3 1 . There is 
also shown a tnisted service 30. In Figure 3A, tiie publisher 10 obtains a public key 32 
from the tmsted service 30 at some time before a specific time. Tl. Ihe publishw 10 
wants some uiformation to be disclosed to the recipients 31 at the specific time Tl. The 
publisher 10 encrypts tiie information and tiie recipients 31 obtain die enciypted in- 
formation 15 ftom tiie publisher 1 0 at any time once die infbimation has been 
enaypted. The recipients 31 may obtain tiie enciypted infomiation 15 at different 
times. 

Figure 3B shows tiie same publisher 10 and recipients 31 as in Figure 3A but after 
time Tl. The recipients 31 each obtain tiie private key 34 corresponding to tiie pubUc 
key 32 of Figure 3 A from tiie trusted service 31. The recipients 31 can each tiien 
deciypt tiie encrypted mformation 15 which tiiey obtained prior to time Tl. 
[067] Figure 4 is a flow diagram showing tiie actions of a publisher and a single 

recipient Figure 4 shows time. T, progressing towards tfie bottom of tiie page witii tiie 
specific time Tl shown in relation to tiie actions. At box 41 a publisher obtains a 
pubHc key for encrypting some information which tiie publisher wishes to disclose at 
or after time Tl . The publisher encrypts 42 tfie information and tiie encrypted in- 
formation is made available 43 to recipients. At box 44. a recipient X obtains tiie 
encrypted information and stores it. awaiting time Tl. At time Tl, tiie private key 
becomes available for decrypting tiie encrypted information. At box 46 tiie recipient X 
obtains tiie private key and tiie recipient X decrypts 47 tiie information. 

For recipients who do not have onHne access but wish to access tiie mformation at 
tiie given date and time, tiie key may be supplied in advance by tiie trusted service on a 
time based smart card which would ensure tiiat tiie private key only becomes available 
after tiie specific time. A smart card would be provided witii an internal clock and 
power means, for example a battery. The trusted service would activate tiie clock and 
program tiie card witii tiie private key to be disclosed at a given time. The key would 
automatically become available on tiie smart card when tiie clock reached tiie given 
time. 

[069] Similarly, tiie private key could be provided on a data storage means which when 
inserted into a computer reacts to a computer's internal clock to release tiie key at tiie 
given time. The clock must be a trusted time^keeper or have access to a tnisted time 
sttver. A taisted time-keeper wiU sign a digital certificate for a current time. 
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[070] The trusted service may have one or more agents which are trusted to paf oim the 
job of disclosing the pnvate key. 

[07 1] In a first embodimait of the described method and system, the trusted service 
provides a single key for each date and time. Hie keys are created on demand. 
Therefore, when a first publisher requests a key for a specific date and time, Tl, the 
trusted service creates a pnbKc/private key pahr for ttiat time. If a second publisher also 
requests a key for time Tl. the same key pair is used and the same pubUc key is 
provided to the second publish^ as was provided to the first publisher. In this way, 
only the exact number of key pairs for the times required is created. No redundant keys 
are created and stored by the trusted service or its agents thereby reducing overheads. 

[072] More than one publisher can safely use the same pubHc key for encryption as the 
publish^ only have the public key and cannot therefore decrypt information 
encrypted by another publisher using the same public key. The publishers cannot 
obtam the coiresponding private key until it is issued by the trusted service at the 
specified time. 

[073] The table shown below illustrates the private keys as they would be published by 
the trusted service. One key is provided for each date and time for which a key has 
been requested. 



DATE, TIME 


DECRYPTION KEY (PRIV ATE KEY) 


22 April 2004, 10.00 


JK6., 




22 April 2004, 16.50 


7LJ... . 




23 April 2004, 09.00 


JU9, 




25 April 2004, 14.00 


5TN 





[074] In a second embodunent, the trusted SMvice creates additional keys for each 

publisher who wishes to publish at a specific time. A first publisher may request a key 
for date and time T2 and the trusted service creates a key pair and issues the public key 
to die first publisher. If a second publisher requests a key for the same date and time 
T2. the trusted service creates a second key pair and issues the public key of the second 
key pak to the second publisher. At time T2. die trusted service publishes both the 
private keys of the key pairs created for time T2. 

[075] The second embodiment has die advantage that a publisher can stop disclosure of 
information which has already been distributed in its encrypted form before it is 
disclosed at time T2. This can be done by the publisher informing the tmsted service 
that the private key is not to be disclosed. As the key pair is unique to a single 
publishCT, the publisher can dictate if the private key is disclosed or not witiiout 
affecting any otiier disclosures taking place at the same time. A password can be used 
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[076] 



[077] 



[078] 



[079] 



for vaUdating the publisher's identity when instructing the trusted service not to 
publish a private key. The password would be issued to the publisher with the public 

in the certificate from the trusted s«vice. PasswonJs would be securely distributed 
using the public key infrastructure. 

The table shown below fllustrates tiie private k^s as they would be published by 
die trusted service for the second embodhnent More than one private key may be 
provided for each date and tune for which a key has been requested with each private 
key identified by the publisher to vAnch it relates. 



TIME 


PUBLISHER 


DECRYPTION KEY 






(PRIVATE KEY) 


22 April 2004. 10.00 


Publisher P 


RT8 , 




22 April 2004, 10.00 


Publisher Q 


TOR.. , 




25 AprU 2004, 14.00 


Publisher A 


90F.., . 




25 April 2004, 14.00. 


Publisher B 


YC3 




25 April 2004, 14.00 


Publisher C 


8ES . 




26 April 2004, 08.00 


Publisher Z 


160 





embodiment described above, the distribution of the private key is limited to a pre- 
defined audience. A key pair may be cieated for time T3 for pabUsher P and a pubUc 
key issued to publishw P. The private key is only made available, after time T3, to a 
pte-defined audience of recipients. This can be achieved by the trusted service 
ennypting the private key for time T3 wift a public key of a key pair. Only the pie- 
defined audience of recipients will hold the conespondmg private key. 

For example, IBM employees may all be issued with the same private key for IBM 
confidential disclosoies. If mfbimation is to be distributed at time T3 to the employees 
of IBM but is not to be generally disclosed outside the group of the employees of IBM, 
the private k^ for time T3 is enoypted with the public key conesponding to die 
private key for IBM employees. In this way. the open Internet may be used to transfer 
infonnation which is confidential to a given groi^ or set of recipients and which is to 
be disclosed at a given date and time in Oie fhture. 

Figure 5 illustrates the third embodhnent described above. A publisher 10 wishes 
to publish a docummt 11 at time Tl . The publidier 10 obtains a Tl public key 32 for 
tfane Tl firon a trusted service 30. The tnisted service 30 sends the pubKsher 10 a 
c«tificate 20 which contains the Tl public key 32. The certificate 20 is signed with the 
trusted seivice'8 private key 26. The certificate 20 may also contain a passwoid 50 for 
the publisher 10 to use if the publisher 10 wishes to withdraw flie pubUcation before 
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timeTl. 

[080] Hie publisher 10 optionally checks the signature of the trusted service 30 by using 
tfie trusted service's pubUc key 51. The publisher 10 encrypts the document 1 1 with 
the Tl public key 32 resulting in an encrypted document 15. 

[081] A recipient 3 1 obtains 52 the encrypted document 15 from the publisher 10. The 
recipient 31 in this example is one of a group of IBM authorised personnel who has an 
roM private key 53. The IBM authorised personnel are a group who are authorised to 
have access to a particular category of information and documents which includes 
document 11. 

[082] After tune Tl , the recipient 3 1 obtains 54 the Tl private key 34 from the trusted 
service 30. The Tl private key 34 is encrypted with the IBM public key 55 which 
corresponds to the IBM private key 53. The encrypted Tl private key 34 may 
optionally be provided in a certificate from the trusted service 30. 

[083] The recipient 31 decrypts the Tl private key 34 using the IBM private key 53. The 
recipient 3 1 can then decrypt the encrypted document 15 using the Tl private key 34 to 
access the document II. 

[084] In this way, a document can be distributed to a selected group of recipients ahead 
of its disclosure at a specified date and time. The distribution can be made via the 
public Internet or by other online or offline means at a time to suit each of the 
recipients. As the publisher has a password associated with the public key used for 
encryption, the publish^: can withdraw the disclosure of the information before the 
disclosure date even after tiie encrypted information has been received by the 
recipients. 

[085] For the implementation of the system by the recipients, a client application is 

required to obtain, decrypt and launch media. This may be in the form of a plug-in or 
client side application. 

[086] The disclosed system has numerous uses in which the disclosure of information is 
time sensitive including softwaje update issues, corporate publications, government/ 
press releases to agencies, music releases to radio stations, Dutch auctions, fihn dis- 
tribution, etc. 

[087] The concept of a trusted time-keeper introduced herem can also be used as a means 
of providing proof of ownership of a document at a given time. A trasted time-keeper 
can sign the document with the current time which is certified by the time-keeper. 

[088] Aspects of the present invention are typically implemented as computer program 
products, comprising a set of program instructions for controllmg a computer of 
similar device. These instructions can be supplied preloaded into a system or recorded 
on a storage medium such as a CD-ROM, or made available for downloading over a 
network such as the latemet or a mobile telephoiie network. 
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[089] Iinprovemenls and modificatioiis can be made to the foregoing without depaitmg 
from the scope of the present invention. 



